In
Principles
for the Fair
Handling of Personal Information and
the Guidelines
for
Federal & ACT
Government Websites.
Other Commonwealth laws contain privacy
provisions relating to information about
health insurance
claims, data matching, information about old criminal convictions
and personal
information disclosed by telecommunications companies, video
surveillance,
telephone interception or 'bugging', and physical intrusion into
private spaces.
The new regime aims to:
boundaries
moving personal
information overseas
Overseas activities
The Act will apply to the overseas activities
of Australian and foreign
organisations, in the context
of personal information of an Australian
citizen or resident,
if there's a link with
link with
incorporated in
Territory; or
or an external
territory, either before or at the time of the activity.
Overseas activity required by law
If an organisation's
overseas activity is required by the law of a foreign
country,then
it doesn't interfere with the privacy of an individual.
Sending personal
information out of Australia
There are currently no legislative
prohibitions on organisations transferring
personal information
from
organisations
will have to comply with the NPP
9, which relates to the transborder
flow of data. It
prohibits the transfer of personal information to other countries
unless certain
criteria are met. It's based on the restrictions on international
transfers of
personal information set out in the European
Directive 95/46.
NPP 9 does not prevent the transfer of
personal information out of
an organisation to another part of that organisation,
or to the individual concerned.
An organisation may
transfer personal information overseas provided that
one of the following
conditions is satisfied:
the organisation reasonably believes a law, binding scheme or
contract
applies at the
destination which effectively delivers privacy standards
substantially
similar to the NPPs;
the individual
consents to the transfer;
the transfer is for
the benefit of the individual and it's impracticable to obtain
consent, but it's
likely consent would be given;
the transfer is
required by a contract between the individual and the organization
, or a contract between the organisation and a third party in the interests of the
individual; or the organisation has taken reasonable steps to ensure the
information won't be
held, used or disclosed by its recipient inconsistently
with the NPPs.
It is important to note that NPP
9 will apply to information collected before
means that after
information out of
regardless of when
it was collected.
Sending personal
information into Australia
The European Union has imposed a minimum
standard for data handling
practices on its
members (EU Directive
on the Protection of Individuals
with regard to the Processing
of Personal Data and the Free Movement
of such data 95/46). It requires data transferred outside the EU to be
handled
in a specific
manner.
in line with this
minimum standard.
Under EU Privacy Legislation, the EU can
assess whether specific data
regimes are
"adequate". If they are, organisations
coming under the EU
regime can
participate in trade involving personal information with the EU
member states with
no further privacy safeguards. The EU has begun to
asses the new
Australian regime to see whether it meets the required
standard.
Latest
developments
An EU working party has released its opinion
on whether
privacy regime meets
the "adequacy" test: the outcome is more work needs
to be done.
Until the new privacy regime is approved by
the EU, you may be asked to
provide appropriate
privacy protection to the sender if you want to receive
information from
outside
Other Commonwealth laws contain privacy
provisions relating to information
about health
insurance claims, data matching, information about old criminal
convictions and
personal information disclosed by telecommunications
companies, video
surveillance, telephone interception or 'bugging', and
physical intrusion
into private spaces.